Organizations will face cyber security threats in eight key areas in 2019, according to a newly released report from global consulting firm Booz Allen.
The firm asked its top analysts to identify the "blockbuster attacks" and threat landscape shifts that could change the face of cyber security this year, and included details in the 2019 Cyber Threat Outlook report.
Here are the eight key threats, along with steps organizations can take to address them, according to the firm:
In recent years, many governments have learned how to manipulate their opponents' opinions and decisions with cyber activity, sometimes called "information warfare." This activity encompasses a range of tactics, from orchestrating targeted breaches followed by data leaks to employing troll armies to push disinformation.
Booz Allen expects states to increasingly apply their growing information-warfare methods to economic conflict. Organizations should implement a threat intelligence program that provides strategic indication and context of economic and political events that could trigger cyberattacks to harm corporate operations and reputation.
They should also keep security and business operations proactively informed of the potential impact to the company of impending shifts in the political and economic environment.
Internet of Things (IoT) devices
In the rush to bring IoT devices to market, sales often trump security, the firm said. Criminals have capitalized on this reality with for-profit schemes that frequently abuse thousands of near-identical products. Connected products have been enlisted to mine cryptocurrency, launch denial-of-service attacks, and cause other mischief. In 2019, state-linked adversaries will likely increasingly abuse these devices to further their espionage efforts.
To address this, organizations should change default passwords and close all unnecessary open ports on existing IoT devices on their networks; establish a process to inventory, identify, scan, and secure new devices as they are integrated into the environment; and include IoT devices in vulnerability management programs.
Chip and PIN weaknesses
Criminals might use Europay, Mastercard and Visa (EMV) chip cards for the command-and-control of malware on infected EMV device readers.
Companies such as retailers should ensure that logical and physical access to point-of-sale (POS) machines is restricted to only the users and accounts that require access, and disable access methods such as USB where possible. They should also increase monitoring at the file-system level on EMV-enabled POS machines to alert when files are being accessed outside of normal operations.
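A file-system monitoring check of the kind the paragraph recommends, as an added example that is not from the report or the article: it runs constructed file-access events from a POS host against a baseline of which processes may touch the payment application's files, and when. The paths, process names and maintenance window are assumed values for a hypothetical host.

```python
import json
from datetime import datetime

# Assumed baseline for a hypothetical EMV-enabled POS host: only the payment app and its
# updater touch the application tree, and only the updater writes there, overnight.
MONITORED_PREFIXES = ("/opt/posapp/",)
ALLOWED_PROCESSES = {"posapp", "posupdater"}
WRITERS = {"posupdater"}
MAINTENANCE_HOURS = range(2, 4)          # 02:00-03:59 local time
REMOVABLE_PREFIXES = ("/media/", "/mnt/usb")

def classify(event):
    """Return why a file-access event is outside normal POS operations, or None."""
    path, proc, op = event["path"], event["process"], event["op"]
    hour = datetime.fromisoformat(event["ts"]).hour
    if path.startswith(REMOVABLE_PREFIXES):
        return "access to removable media"
    if not path.startswith(MONITORED_PREFIXES):
        return None                      # not part of the payment application
    if proc not in ALLOWED_PROCESSES:
        return f"unexpected process {proc!r} touched {path}"
    if op in ("write", "create", "unlink"):
        if proc not in WRITERS:
            return f"{proc!r} modified {path} but is read-only by baseline"
        if hour not in MAINTENANCE_HOURS:
            return f"update activity at {event['ts']} outside maintenance window"
    return None

def scan(log_lines):
    """Classify each JSON event line; return (timestamp, reason) alerts in log order."""
    alerts = []
    for line in filter(None, map(str.strip, log_lines)):
        event = json.loads(line)
        reason = classify(event)
        if reason:
            alerts.append((event["ts"], reason))
    return alerts

# Constructed sample events in the shape a hypothetical file-monitoring agent might emit.
SAMPLE_LOG = """
{"ts": "2019-03-04T10:15:02", "process": "posapp", "op": "read", "path": "/opt/posapp/config.ini"}
{"ts": "2019-03-04T03:10:40", "process": "posupdater", "op": "write", "path": "/opt/posapp/bin/posapp"}
{"ts": "2019-03-04T14:22:09", "process": "posupdater", "op": "write", "path": "/opt/posapp/bin/posapp"}
{"ts": "2019-03-04T22:40:51", "process": "bash", "op": "read", "path": "/opt/posapp/data/txn.log"}
{"ts": "2019-03-04T22:41:13", "process": "posapp", "op": "write", "path": "/opt/posapp/bin/posapp"}
{"ts": "2019-03-04T22:43:00", "process": "explorer", "op": "read", "path": "/media/usb0/tool.bin"}
{"ts": "2019-03-04T23:00:00", "process": "sshd", "op": "read", "path": "/var/log/auth.log"}
"""
```

Running `scan(SAMPLE_LOG.splitlines())` returns four alerts: the daytime update, the shell reading transaction data, the payment app overwriting its own binary, and the removable-media access; the two baseline events and the unrelated sshd read pass.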
Weaponization of adware networks
Adware is thought of as a minor nuisance by most organizations and is widely ignored by security operations. Traditionally, it did little more than show advertisements and was reliably detected by antivirus products. But newer forms of adware use techniques that improve their ability to persist on a host and infect more machines.
Enterprises should instruct security teams to treat adware alerts as potential threats rather than a nuisance; and implement endpoint detection capabilities to identify more serious attacks that originate from adware networks.
Artificial Intelligence (AI) in information warfare
AI-generated videos—commonly referred to as "deepfakes"—use machine-learning algorithms to create highly believable forgeries that depict individuals saying or doing things that never occurred, the report noted. These techniques could be appealing to threat actors interested in weaponizing data for influence operations.
Organizations should develop a reputation-monitoring capability to alert public relations and communications teams of breaking negative news about the organization, true or not; and conduct regular proactive outreach on social media to combat misinformation campaigns.
Expanding wireless attack surface
Examples of threat actors expanding the bounds of wireless attacks have already emerged, with a wave of vulnerability disclosures and in-the-wild attacks targeting Bluetooth devices, the report said. Security researchers have disclosed several high-profile vulnerabilities in the past two years that impacted billions of devices running major mobile, desktop, and IoT operating systems.
To combat this, organizations should disable unused wireless protocols where possible, such as Bluetooth on laptops and desktops; and expand the scope of existing attack surface and penetration test assessments to include known proprietary wireless protocols exposed to the public.
State-sponsored threat actors
The US now regularly and publicly accuses other countries of sponsoring attacks and campaigns, the report noted. In 2018, the US faulted Russia for targeting the US power grid and other incidents. A multitude of private-sector assessments suggest that state-sponsored groups may have raised their game.
Companies need to assume that advanced attackers might use commodity malware and advanced tradecraft in some combination with deception in mind, focus their incident response and preparedness efforts beyond attribution, and spend time learning from the tactics, techniques, and procedures of attacks.
Water utility targeting
Booz Allen said disruptive state-sponsored cyberattacks on US water utilities are unlikely. But water disruption attacks are relevant for many US companies with global footprints.
Those companies need to secure these systems from the ground up with a focus on multi-layered segmentation and threat detection to ensure their ongoing, safe operation, the report said.